Blog Posts Tagged with "HoneyPot"

Ghost is a honeypot for detecting malware that spreads via USB devices. It first tries to emulate a USB thumb drive. If the malware identifies it as a USB thumb drive, it will trick the malware into infecting it. Ghost then looks for write based requests on the drive, which is an indication of a malware...

Honeypots are simple technology intended to be compromised. There is little or no production traffic going to or from the device, so any time a connection is sent it is most likely a probe, scan, or an attack. Any time a connection is initiated from the honeypot, this most likely means it was compromised...

Being the victim of an attack is not fun and it is easy to understand why businesses would like to take a more active stance against the attackers. Unfortunately, businesses that go down this path are likely to run into technical and legal problems. Let’s examine some of the possible outcomes...

Did you know that this year the number of Wi-Fi connected devices will exceed the world’s population? This incredible statistic highlights the ubiquitous nature of Wi-Fi. However, the convenience of public Wi-Fi practically everywhere comes at the cost of greater risk to users...

At first I thought that players in the patriot hacker movement may have been involved, but it seems more so now that all points to a concerted action by governments. The hacking of the sites likely was done via bad installs of PHP and SQL on the boxes that the databases resided on...

The current volumes of spam email are extraordinary. Between 70% and 80% of all email sent are spam. As none of the current methods described here are completely effective, there is still scope for much further research in this area...

There are a wide variety of open source tools that can be leveraged around Snort, making it a powerful approach to visibility. Having people in the industry who know how the systems Snort work allows for better development of signatures for nefarious issues...

The three scenarios exercise the legal issues of government access to information of increasing depth. The first two speak to capabilities that should be further developed -honeynets and continuous monitoring - while the third scenario in part touches on workforce development...

Our inspection revealed a job in the scheduler set to kick off on Saturdays at 5am and launch this particular malware component which appeared to be designed to grab the cookies from the browser and some credentials from the system and users then throw them out to the host in China...

It's a game of sorting out what possible accounts exist on a machine, and which accounts can have a dictionary attack launched against them. The vast majority of attackers will use yet another SIPVicious tool called svcrack against a machine they've scanned and constructed an account list for...

So an attacker launched a scan, who cares, it happens and even if I outright blacklist him, odds are, he is on a throwaway address or compromised host. Nevertheless he scans. At some point in time, he WILL come across the honeypot I left in plain sight for him...

Project Honeypot does an amazing job at keeping detailed information on scanners / harvesters and brute forcers, the likes of which are the daily enemy of said admins. They offer a service called HTTP Block List or 'HTTP:BL'...